added proftpd section, adjusted vsftpd patch to dont interfer. boosted debian revision

2006-05-28 03:13:56 +00:00 · 2006-05-28 03:13:56 +00:00 · fc9b8a887f
parent 1fbcf9a9a5
commit fc9b8a887f
4 changed files with 188 additions and 2 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,7 +1,8 @@
-fail2ban (0.6.1-6) unstable; urgency=low
+fail2ban (0.6.1-7) unstable; urgency=low

  * Removed bashism (arrays) from init.d script to make it POSIX shell
    complient (closes: #368218)
+  * Added new proftpd section

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 22 May 2006 15:37:17 -0400

--- a/debian/patches/00_proftpd_section.dpatch
+++ b/debian/patches/00_proftpd_section.dpatch
@ -0,0 +1,160 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_proftpd_section.dpatch by  <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: New section for proftpd
+
+@DPATCH@
+
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny	2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny	2006-05-27 23:01:11.000000000 -0400
+@@ -291,6 +291,47 @@
+ failregex = FAIL LOGIN
+ 
+ 
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+
+
+ [SSH]
+ # Option:  enabled
+ # Notes.:  enable monitoring for this section.
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables	2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables	2006-05-27 23:01:20.000000000 -0400
+@@ -385,6 +385,48 @@
+ #
+ failregex = FAIL LOGIN
+ 
+
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+
+
+ [SSH]
+ # Option:  enabled
+ # Notes.:  enable monitoring for this section.
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall fail2ban-0.6.1.post/config/fail2ban.conf.shorewall
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall	2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.shorewall	2006-05-27 23:00:32.000000000 -0400
+@@ -277,6 +277,45 @@
+ #
+ failregex = FAIL LOGIN
+ 
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+ 
+ [SSH]
+ # Option:  enabled
--- a/debian/patches/00_vsftpd_regexp.dpatch
+++ b/debian/patches/00_vsftpd_regexp.dpatch
@ -16,5 +16,29 @@ diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.iptables fail2ban-0.6.1.fixed
 -failregex = FAIL LOGIN
 +failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
 
- [SSH]
+ [PROFTPD]
+ # Option:  enabled
+diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall
+--- fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall	2006-03-27 12:56:38.000000000 -0500
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall	2006-05-10 13:47:40.000000000 -0400
+@@ -383,7 +383,7 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT Default: Authentication failure|Failed password|Invalid user
+ #
+-failregex = FAIL LOGIN
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+ 
+ [PROFTPD]
+ # Option:  enabled
+diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny
+--- fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny	2006-03-27 12:56:38.000000000 -0500
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny	2006-05-10 13:47:40.000000000 -0400
+@@ -383,7 +383,7 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT Default: Authentication failure|Failed password|Invalid user
+ #
+-failregex = FAIL LOGIN
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+ 
+ [PROFTPD]
 # Option:  enabled
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -1 +1,2 @@
+00_proftpd_section
 00_vsftpd_regexp